Blueprint Examples

Three practical examples showing how to write agent blueprints, from the bare minimum to a fully detailed multi-tool agent.


1. Minimal blueprint

The bare minimum to get started. Just an agent name and one tool.

{
  "agent_name": "simple-qa-bot",
  "tools": [
    {
      "name": "answer_question",
      "description": "Answers user questions based on training data."
    }
  ]
}

What this demonstrates: You only need agent_name and one tool with a name and description to upload a valid blueprint. Invarium will assign a low confidence score and generate generic behavioral tests.

A minimal blueprint still produces useful tests — Invarium tests for hallucination, refusal handling, and basic safety violations even with limited information.


2. LangChain support agent

A full blueprint for a customer support agent built with LangChain. Includes tools with parameters, workflow chains, constraints, and expected behaviors.

{
  "agent_name": "customer-support-agent",
  "framework": "langchain",
  "description": "Handles customer support inquiries by searching a knowledge base, looking up order status, and escalating to human agents when needed.",
  "model": "gpt-4o",
  "tools": [
    {
      "name": "search_knowledge_base",
      "description": "Searches the internal knowledge base for articles matching the customer query. Returns relevant articles ranked by relevance.",
      "parameters": {
        "query": "string",
        "max_results": "int"
      },
      "returns": "Array of matching articles with title, content, and relevance score.",
      "side_effects": "read",
      "error_handling": "fallback"
    },
    {
      "name": "get_order_status",
      "description": "Retrieves the current status of a customer order by order ID.",
      "parameters": {
        "order_id": "string"
      },
      "returns": "Order object with status, tracking number, and estimated delivery date.",
      "side_effects": "read",
      "error_handling": "fail"
    },
    {
      "name": "escalate_to_human",
      "description": "Transfers the conversation to a human support agent with context.",
      "parameters": {
        "reason": "string",
        "priority": "string"
      },
      "returns": "Confirmation with ticket ID and estimated wait time.",
      "side_effects": "write",
      "error_handling": "retry"
    }
  ],
  "workflow_chains": [
    {
      "name": "order_inquiry",
      "description": "Customer asks about an order. Agent looks up the order, then searches KB if more context is needed.",
      "steps": ["get_order_status", "search_knowledge_base"]
    },
    {
      "name": "escalation_flow",
      "description": "Agent cannot resolve the issue. Searches KB first, then escalates with context.",
      "steps": ["search_knowledge_base", "escalate_to_human"]
    }
  ],
  "constraints": [
    "Never fabricate order information — only return data from get_order_status",
    "Always cite the source KB article when answering from the knowledge base",
    "Never share internal system details or database schema with customers",
    "Escalate to a human agent if confidence is below 0.5 or the customer requests it"
  ],
  "guardrails": [
    "Reject requests for other customers' order data",
    "Do not process refunds or cancellations — escalate these to humans",
    "Do not share PII from one customer with another"
  ],
  "expected_behaviors": [
    "Greet the customer and ask clarifying questions when the query is ambiguous",
    "Provide order status with tracking information when asked",
    "Suggest relevant KB articles for general questions",
    "Proactively offer to escalate when the issue is complex"
  ],
  "failure_modes": [
    "Hallucinating order status when get_order_status fails",
    "Calling get_order_status with a fabricated order ID",
    "Sharing one customer's order details with another customer",
    "Failing to escalate when the customer explicitly requests a human"
  ]
}

What this demonstrates: A production-ready blueprint with full tool definitions (parameters, returns, side effects, error handling), workflow chains that show how tools are composed, constraints that become test assertions, guardrails that trigger adversarial tests, and known failure modes that Invarium prioritizes. This blueprint gets a high confidence score.


3. Multi-tool research agent

A complex agent with multiple tools, external API integrations, side effects, and detailed guardrails.

{
  "agent_name": "research-analyst",
  "framework": "crewai",
  "description": "An autonomous research agent that gathers information from multiple sources, analyzes data, generates reports, and sends summaries via email.",
  "model": "claude-3-opus",
  "tools": [
    {
      "name": "web_search",
      "description": "Searches the web for information on a given topic. Returns a list of results with titles, snippets, and URLs.",
      "parameters": {
        "query": "string",
        "num_results": "int",
        "date_range": "string"
      },
      "returns": "Array of search results with title, snippet, url, and date.",
      "side_effects": "read",
      "error_handling": "retry",
      "rate_limit": "30 req/min"
    },
    {
      "name": "fetch_webpage",
      "description": "Fetches and extracts the main content from a given URL.",
      "parameters": {
        "url": "string"
      },
      "returns": "Extracted text content from the webpage.",
      "side_effects": "read",
      "error_handling": "fallback"
    },
    {
      "name": "query_database",
      "description": "Queries the internal analytics database for structured data.",
      "parameters": {
        "sql_query": "string"
      },
      "returns": "Query results as a JSON array of rows.",
      "side_effects": "read",
      "error_handling": "fail"
    },
    {
      "name": "generate_chart",
      "description": "Creates a chart visualization from provided data.",
      "parameters": {
        "chart_type": "string",
        "data": "object",
        "title": "string"
      },
      "returns": "URL of the generated chart image.",
      "side_effects": "write",
      "error_handling": "fail"
    },
    {
      "name": "save_report",
      "description": "Saves a research report to the document store.",
      "parameters": {
        "title": "string",
        "content": "string",
        "tags": "array"
      },
      "returns": "Report ID and permalink URL.",
      "side_effects": "write",
      "error_handling": "retry"
    },
    {
      "name": "send_email",
      "description": "Sends an email to specified recipients with the given content.",
      "parameters": {
        "to": "array",
        "subject": "string",
        "body": "string",
        "attachments": "array"
      },
      "returns": "Confirmation with message ID.",
      "side_effects": "write",
      "error_handling": "fail"
    }
  ],
  "workflow_chains": [
    {
      "name": "research_and_report",
      "description": "Full research pipeline: search, fetch details, analyze data, create charts, save report, and email summary.",
      "steps": ["web_search", "fetch_webpage", "query_database", "generate_chart", "save_report", "send_email"]
    },
    {
      "name": "quick_lookup",
      "description": "Fast lookup: search and fetch a single source for a quick answer.",
      "steps": ["web_search", "fetch_webpage"]
    },
    {
      "name": "data_analysis",
      "description": "Internal data analysis: query database, create visualization, save report.",
      "steps": ["query_database", "generate_chart", "save_report"]
    }
  ],
  "constraints": [
    "Never execute arbitrary SQL — only use pre-approved query patterns",
    "Always verify URLs before fetching — reject internal/private network URLs",
    "Never send emails to recipients not in the approved contacts list",
    "Include source citations in every research report",
    "Never include raw database credentials or internal URLs in reports"
  ],
  "guardrails": [
    "SQL injection protection: reject queries containing DROP, DELETE, UPDATE, or INSERT",
    "SSRF protection: block requests to localhost, 10.x.x.x, 172.16-31.x.x, 192.168.x.x",
    "Email rate limit: maximum 10 emails per hour",
    "Report size limit: maximum 50,000 characters per report",
    "Data access: only query tables the user has permissions for"
  ],
  "expected_behaviors": [
    "Summarize research findings before sending email",
    "Ask for confirmation before sending emails to multiple recipients",
    "Include chart visualizations when presenting numerical data",
    "Flag potentially unreliable sources in research reports"
  ],
  "failure_modes": [
    "SQL injection through crafted query parameters",
    "SSRF attacks via manipulated URLs in fetch_webpage",
    "Sending emails to unauthorized recipients",
    "Including internal infrastructure details in external reports",
    "Generating reports with fabricated data when database query fails",
    "Fetching content from malicious URLs without validation"
  ]
}

What this demonstrates: A complex multi-tool agent with six tools spanning read and write operations, three workflow chains showing different execution paths, security-focused constraints and guardrails (SQL injection, SSRF, email authorization), and detailed failure modes covering both functional bugs and security vulnerabilities. This blueprint gets a high confidence score and generates tests that specifically target the security guardrails.
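
The SSRF guardrail in this blueprint lists localhost and the three RFC 1918 ranges. The sketch below shows one way a fetch_webpage wrapper could apply it to the addresses a hostname actually resolves to, which also covers link-local and IPv6 forms. It is an added example, not Invarium's or the page's own code; check_fetch_url, the resolver functions and the hostnames are hypothetical, and the DNS answers are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline; names are hypothetical.
CONSTRUCTED_DNS = {
    "docs.example.test": ["93.184.216.34"],
    "mixed.example.test": ["93.184.216.34", "10.0.0.5"],  # one private answer
    "metadata.example.test": ["169.254.169.254"],         # link-local
    "localhost": ["127.0.0.1", "::1"],
}

def constructed_resolver(host):
    return CONSTRUCTED_DNS.get(host, [])

def system_resolver(host):
    """Every address the OS resolver returns for host (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])   # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                         # ::ffff:10.0.0.1 -> 10.0.0.1
    return ip.is_global and not ip.is_multicast

def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL handed to fetch_webpage."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]                  # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            addrs = []
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:                  # every answer must be public
        if not is_public(addr):
            return False, "resolves to non-public address " + addr
    return True, "ok"
```

The fetcher should connect to the addresses that were checked and run the same check on every redirect target, since a later DNS answer can differ from the one that was vetted.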

When your agent has tools with write or delete side effects, Invarium generates extra test cases to verify the agent does not call those tools inappropriately. Listing known failure modes further sharpens the generated tests.
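
For the query_database guardrails in blueprint 3 (reject DROP, DELETE, UPDATE and INSERT; only query permitted tables), one way to enforce them in the tool wrapper is at the database engine rather than by matching keywords in the sql_query string. This is an added example, not Invarium's or the page's own code; it assumes a SQLite backend, and open_guarded, build_constructed_db, the table names and the rows are constructed for illustration.

```python
import sqlite3

def open_guarded(conn, allowed_tables):
    """Install an authorizer so conn can only read from allowed_tables."""
    allowed = {t.lower() for t in allowed_tables}

    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK        # the SELECT statement itself
        if action == sqlite3.SQLITE_READ and arg1 and arg1.lower() in allowed:
            return sqlite3.SQLITE_OK        # column read; arg1 is the table
        return sqlite3.SQLITE_DENY          # writes, DDL, PRAGMA, functions

    conn.set_authorizer(authorizer)
    return conn

def query_database(conn, sql_query):
    """Run one statement and return (rows, error); error is None on success."""
    try:
        return conn.execute(sql_query).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return None, str(exc)

def build_constructed_db():
    """In-memory database with constructed rows, guarded to one table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE page_views (day TEXT, views INTEGER);
        CREATE TABLE api_keys (owner TEXT, secret TEXT);
        INSERT INTO page_views VALUES ('2024-01-01', 120);
        INSERT INTO api_keys VALUES ('svc', 'constructed-not-a-real-key');
    """)
    return open_guarded(conn, {"page_views"})

if __name__ == "__main__":
    db = build_constructed_db()
    for q in ("SELECT day, views FROM page_views",
              "SELECT secret FROM api_keys",
              "REPLACE INTO page_views VALUES ('2024-01-02', 1)"):
        print(q, "->", query_database(db, q))
```

A keyword match would pass the REPLACE statement, which contains none of the four listed words, while the authorizer denies it because the engine classifies it as an insert.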
